|
Ethical Hacker Community Forums
|
|
November 22, 2008, 02:43:05 AM
|
 Show Posts
|
|
Pages: 1 2 [3] 4
|
|
32
|
Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: New member, just got me one of these...
|
on: February 25, 2008, 02:19:01 PM
|
rance,
I'm preparing for the CEH with EC Council material. You say the test was easy mostly because you have been working in the area. Well, I have not been working in the security area. I want the cert so I can get into security. My background, I have had a few computer technician jobs and was a network admin for a little while. I have A+, Sec+ and CCNA. I currently manage training for IT people and do portal stuff (web). Anyway, can you give me some advice on what to concentrate on besides my books?
Thanks
Commgirl
It sounds like you have a fairly well rounded background. I'd say make sure you have a solid understanding of TCP/IP, Ports, Protocols, etc. You'll also want to be very familiar with the tools that are covered in the book. I was surprised by the number of Snort questions there were. There's a lot of general knowledge stuff in the exam, which was probably covered by your Sec+ exam. As BillV said, set up your own test environment and fiddle around. As you're fiddling, use a packet sniffer (Ethereal/Wireshark) to watch what's going on, that'll give you a better understanding of what's all happening. Good luck! Oh, and welcome to EH-Net! |
|
|
|
|
34
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Is the end of ethical hacking soooooon ?????
|
on: February 20, 2008, 10:10:17 AM
|
..snip..
At some point, security is going to be so strong and automated that breaking down the front gates is going to be so rare.
../snip..
As I once heard an auditor say... "You can have the biggest, baddest, thickest steel front door in existence, but it doesn't matter much if it's protecting a tent." You touched a bit on internal stuff. But I also believe, as long as we have servers in our DMZs, especially with back end connectivity, and as long as humans are allowed to continue programming, there are always going to be "external" issues. The biggest problem I seem to come across, is that for so long, all the focus has been on firewalls and protecting the perimeter, that the internal network has been forgotten. The mantra I seem to hear a lot is "well, the firewall is good, and our internal network is trusted... so it's all A-OK!" Hate that response. I think we'll have plenty of work for years to come... |
|
|
|
|
35
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Advice for a newbie please
|
on: February 20, 2008, 09:56:37 AM
|
..snip..
And SQL seems to be THE html of the future. lol
../snip
Not to get nitpicky, but I wouldn't want someone mislead. SQL really has nothing to do with HTML. SQL is a database technology (MS-SQL, MySQL, Postgresql, etc) and lives on the back end. Data in SQL is accessed through programming languages such as PHP, Perl, Python, Ruby, etc. HTML and SQL actually don't communicate at all. Code can be embedded (server side includes) in HTML to poll SQL databases, but HTML has nothing in the markup language to work with databases. Just wanted to clear that up. |
|
|
|
|
37
|
Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: ECH eligibility for self study??
|
on: February 19, 2008, 10:48:00 AM
|
|
Welcome to EH.NET.
I did the self study route, and waited until I was ready before submitting the paperwork. Plus, if you wait, that's more "experience" you have, and the less likely they are to reject your request. I've read elsewhere that people have done self study, just got past their required two years in the security field, and their requests for a voucher were denied.
Plus, and this is speculation, the voucher may only be good for a certain version of an exam. The current version is v5. If you received your voucher, and v6 of the exam is released, the criteria may change, and the voucher becomes invalid.
I'd just wait until you were close to ready to sit for the exam.
|
|
|
|
|
39
|
Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Regarding CEH
|
on: February 15, 2008, 11:11:43 AM
|
...
It is well known that pen testing out of a virtual machine will result in slightly different results than testing "from the iron". (ie. you actually booted the OS and are using it live) I got kicked in the pills over this just a short while ago. One of the guys that worked for me forgot to bring our testing image (we boot off of external hard drives) to a client site so he used BT3 in a virtual machine to do some of his testing. After we turned over our reports our client wanted to challenge one of the major findings. It turns out some of their admins followed behind us and used their own tools to validate our work, and they found one issue that they could not replicate. It turns out that by using the VM the tester basically got a false positive on a fairly critical vulnerability. This occurs because there is some level of abstraction occuring by your traffic having to pass our of a virtual network stack, into the real network stack, to the target, back to your real network stack, then back to your virtual stack. It isn't common, but it can cause some odd behavior. Morale of the story: training with VMs is good, real world testing with VMs is not so good.
I'd really be interested in the technical details of this discrepancy, if you're able to elaborate further. I plan to consolidate testing platforms to a single machine using virtualization, and I'd like to understand what you saw here. About the only thing I can imagine would be some sort of TCP/IP vulnerability, but I can't think what specifically you encountered. |
|
|
|
|
41
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: VOIP Security
|
on: January 31, 2008, 02:59:36 PM
|
Alright, I'm doing some 'footwork' myself, to gather and glean information, but I would definately appreciate any links, experience, or advice and opinions from those of you who know on this issue. We're going over our VOIP system right now, and considering the security of it in general. We are of course in a switched network, and have the VOIP traffic running over it's own VLAN.
My question is... security wise how would that be looking? We're a Cisco house, using Cisco VOIP phones, etc. I was under the impression that ARP poisoning, and man in the middle attacks, combined with Cain and Abel or another sniffer/translator program would make listening into the VOIP system rather easy. I just recently in my search came accross a Cisco white paper saying that having the phones on a different VLAN (even though the computers hook into the phones) negates man in the middle attacks.
So, please any thoughts, opinions, insights, or solutions would be highly appreciated.
A snipped I gleaned from here: http://www.roboguys.com/index.php?option=com_content&task=view&id=57&Itemid=47Dividing your broadcast domains in your network up can limit the effectiveness of an ARP based attack. Traffic for a machine not on the same broadcast domain as the attacker cannot be redirected due to the nature of ARP; it's a broadcast protocol. Dividing your important servers into a separate network can provide a layer of security against this type of attack and follows good industry design standards.
One additional method of defending against this attack is to hardcode each IP address to each MAC address on vulnerable systems. Naturally, this has a high level of administrative overhead and can be cumbersome and fraught with problems in some situations. Implementing a solution such as this is only practical for a limited number of servers and devices in most cases, but is probably one of the more effective methods of actually stopping ARP spoofing attacks.
So, if your VoIP devices are on a separate VLAN, they should be protected from simple attacks by residing on a separate broadcast domain. Now, if you were able to sneak a machine on you VoIP VLAN, I don't know what would stop someone from being able to perform a MITM attack, unless of course, you are utilizing Static MAC address configuration on your switches (which, with my limited exposure to VoIP may be happening as part of normal device deployment/configuration). It'd be fun to test... so... get testing!  |
|
|
|
|
43
|
Resources / Tools / Re: php2relay
|
on: January 31, 2008, 11:10:10 AM
|
Rance,
looks quite nice, I'm a php man myself and the tool fits in nicely with a job I've been putting off for a few weeks. I'll have a play and let you know if I find any issues.
Cheers for sharing
Well, hope it helps! Let me know how it turns out for ya... |
|
|
|
|
44
|
Resources / Tools / php2relay
|
on: January 31, 2008, 01:06:03 AM
|
When I first mentioned that I wrote this, it was suggested that I publish it. So... here it is: http://www.industrial.mu/tools/php2relay.txtBasically, it's a quick and dirty open SMTP relay tester that will work on a range of IP addresses. Yes, it's written in PHP, and you'll need PHP5. (I suck at teh Perl, so... deal  ) Just copy it, save it, run it with> php php2relay.php (options) Or make it executable, and drop the initial php. Should process either way. Also, verify your php binary with "which php" and modify the first line as necessary. Have fun, use responsibly, let me know if there are any questions. |
|
|
|
|
Loading...
|
Forum 
Programming : Using Assembly to access locked files
